Abstract: A user interface for monitoring a number of parameters of a system includes an electronic display element and a display driver for controlling the electronic display element so as to display a data graph thereon. The data graph includes a bounded area divided into a plurality of segments, each segment representing one of the parameters; and a number of concentric portions formed in each segment, each concentric portion representing a state or value of the parameter represented by its corresponding segment. The display driver receives data representative of a current state or value of each of the parameters and indicates the current state or value of the parameters by marking the concentric portions that represent the current states or values.

Abstract: Methods and apparatus are provided for communicating a flow of packets with a requested quality of service. An exemplary method involves receiving a first packet of a flow, determining a first reference value for the packet flow identification field of the first packet using a key value, and facilitating the requested quality of service for the first packet when the received value of the packet flow identification field of the first packet matches the first reference value. The method continues by receiving a second packet of the flow, determining a second reference value for the packet flow identification field using the key value, and facilitating the requested quality of service for the second packet when the received value of the packet flow identification field of the second packet matches the second reference value.

Abstract: An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: A system for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication. The first device sends the collaboration credential generated by the server to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: A system and method for enabling a primary and a secondary communication device to share a user identity assertion is presented. The user identity assertion enables the devices to access an application system. The primary and secondary devices are paired to place them in collaboration with each other. The primary device requests an identity provider system to issue a user identity assertion scoped to the primary and secondary communication device. The identity provider system authenticates the primary device and generates the user identity assertion scoped to the primary device and the secondary device identified in the request. The primary communication device receives the user identity assertion and communicates the user identity assertion to the secondary device. The primary device may request the user identity assertion by communicating a user identity assertion scoped to the primary device and a single sign on session cookie or a request for an extension assertion.

Abstract: An apparatus for, and method of, single sign-on collaboration among a plurality of mobile devices, includes a server for issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration key to the first device based on the first identity token or user authentication. The first device generates and sends a collaboration credential based on the collaboration key to a second device paired with the first device. The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices.

Abstract: A network device is configured to authenticate a collaborative session between at least two communication devices. The network component receives an indication that at least two devices located within a predefined physical range are attempting to collaborate. The network component determines, based on the indication, that the two devices are authentic and that the two devices are attempting to collaborate. Responsive to determining that the two devices are authentic and attempting to collaborate, the network component determines that the two devices are authorized to collaborate and a level on which the two devices are authorized to collaborate. The network component sends an authorization response to at least one of the at least two devices, wherein if the two devices are authorized to collaborate the authorization response includes the level on which the two devices are authorized to collaborate.

Abstract: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.

Abstract: Techniques are provided for enabling application steering/blocking in a secure network which includes a network entity, and a first tunnel endpoint coupled to the network entity over an encrypted tunnel. The first tunnel endpoint associates at least a first Security Parameter Index (SPI) to a first application identifier to generate first mapping information (MI), communicates the first MI to the network entity, and transmits an encrypted message to the network entity over the encrypted tunnel. The encrypted message includes an encrypted packet and an unencrypted header including the first SPI. The network entity determines the first SPI from the unencrypted header, determines the first application identifier based on the first SPI and the first MI, and identifies a first application associated with the first application identifier. The network entity can still perform application steering/blocking even though traffic passing through the tunnel is encrypted.

Abstract: A method and apparatus for modifying the Multimedia Internet KEYing (MIKEY) protocol to support an extended key-management message (KMM), wherein the apparatus programs a computer to perform the method, which includes: determining that a KMM is directed to a target device; determining that the KMM is an extended KMM related to a key-management operation that is not supported by the standard MIKEY protocol; signaling the extended KMM in at least one field of a MIKEY message; and sending the MIKEY message to the target device.

Abstract: A system and method for secure communications in a communication system, wherein the system programs a computer to perform the method, which includes: receiving at least one authentication key, without an encryption key, from a key-management server; receiving a packet, which is encrypted, from a source device; authenticating the packet, using the at least one authentication key, without cryptographically altering the packet; and forwarding the authenticated packet to a destination device of the packet.

Abstract: A key message can include a key-encryption-key (KEK) associated with a KeyDomainID and a KeyGroupID. A session description message can describe streaming media initialization parameters containing media stream information for one or more media streams. For each media stream, the media stream information can include an IP address and a data port. The session description message can further contain a linkage for binding the KEK to a corresponding one of the media streams. The linkage can include the KeyDomainID and KeyGroupID or can include an abstract representation of the KeyDomainID and KeyGroupID. During session initialization, the key-encryption-key (KEK) can be bound to the media streams using the linkage of the session description message. Each of the media streams can be secured using a traffic key conveyed to user equipment (UE) under protection of the key-encryption-key (KEK).

Abstract: Methods and apparatus are provided for communicating a flow of packets with a requested quality of service. An exemplary method involves receiving a first packet of a flow, determining a first reference value for the packet flow identification field of the first packet using a key value, and facilitating the requested quality of service for the first packet when the received value of the packet flow identification field of the first packet matches the first reference value. The method continues by receiving a second packet of the flow, determining a second reference value for the packet flow identification field using the key value, and facilitating the requested quality of service for the second packet when the received value of the packet flow identification field of the second packet matches the second reference value.

Abstract: Methods, systems and apparatus are provided for source authentication. In accordance with the disclosed embodiments, a key-management server generates a key-delivery message that includes a key data transport payload secured with a group key, and a source authentication payload. Upon receiving the key-delivery message at a communication device, the communication device may verify whether the source authentication payload of the key-delivery message is valid. When the source authentication payload is determined to be valid, the communication device thereby authenticates that the key-delivery message was transmitted by the key-management server.

Abstract: A method (200, 300, 400) of communicating an IPv6 packet (120) over an IPv4 based network (102). The method can include receiving the IPv6 packet to be communicated to a remote unit (104), encapsulating the IPv6 packet in an IPv4 transition packet (122), and communicating the IPv4 transition packet to an IPv4 MVPN (114) server configured to communicate the packet to the remote unit via infrastructure of an IPv4 radio access network. Another aspect of the present invention relates to a method of processing an IPv6 packet received over an IPv4 based network. The method can include receiving from an MVPN server an IPv4 formatted packet that is being communicated to a remote unit, and removing from the packet at least one IPv4 header to result in the packet being formatted in accordance with IPv6.

Abstract: A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request.

Abstract: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.

Abstract: A system and method for secure communications in a communication system, wherein the system programs a computer to perform the method, which includes: receiving at least one authentication key, without an encryption key, from a key-management server; receiving a packet, which is encrypted, from a source device; authenticating the packet, using the at least one authentication key, without cryptographically altering the packet; and forwarding the authenticated packet to a destination device of the packet.

Abstract: A key message can include a key-encryption-key (KEK) associated with a KeyDomainID and a KeyGroupID. A session description message can describe streaming media initialization parameters containing media stream information for one or more media streams. For each media stream, the media stream information can include an IP address and a data port. The session description message can further contain a linkage for binding the KEK to a corresponding one of the media streams. The linkage can include the KeyDomainID and KeyGroupID or can include an abstract representation of the KeyDomainID and KeyGroupID. During session initialization, the key-encryption-key (KEK) can be bound to the media streams using the linkage of the session description message. Each of the media streams can be secured using a traffic key conveyed to user equipment (UE) under protection of the key-encryption-key (KEK).